Documentation
¶
Overview ¶
Package api provides a low-level client for the Passbolt API.
Index ¶
- Constants
- Variables
- func FormatSessionKey(sk *crypto.SessionKey) string
- func GetPrivateKeyFromArmor(privateKey string, passphrase []byte) (*crypto.Key, error)
- type APIError
- type APIHeader
- type APIResponse
- type ARO
- type AuthenticationToken
- type Avatar
- type Client
- func (c *Client) AddPendingSessionKey(foreignModel ForeignModelTypes, foreignID string, ...)
- func (c *Client) CheckSession(ctx context.Context) bool
- func (c *Client) ClearCache()
- func (c *Client) ClearMetadataKeysCache()
- func (c *Client) ClearResourceTypesCache()
- func (c *Client) ClearSessionKeyCache()
- func (c *Client) CreateComment(ctx context.Context, resourceID string, comment Comment) (*Comment, error)
- func (c *Client) CreateFavorite(ctx context.Context, resourceID string) (*Favorite, error)
- func (c *Client) CreateFolder(ctx context.Context, folder Folder) (*Folder, error)
- func (c *Client) CreateGroup(ctx context.Context, group Group) (*Group, error)
- func (c *Client) CreateResource(ctx context.Context, resource Resource) (*Resource, error)
- func (c *Client) CreateSessionKeysBundle(ctx context.Context, encryptedData string) (*MetadataSessionKey, error)
- func (c *Client) CreateUser(ctx context.Context, user User) (*User, error)
- func (c *Client) DecryptMessage(armoredCiphertext string) (string, error)
- func (c *Client) DecryptMessageWithPrivateKeyAndReturnSessionKey(privateKey *crypto.Key, armoredCiphertext string) (string, *crypto.SessionKey, error)
- func (c *Client) DecryptMessageWithSessionKey(sessionKey *crypto.SessionKey, ciphertextArmored string) (string, error)
- func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext string) (string, error)
- func (c *Client) DecryptMetadataWithKeyID(metadataKeyID string, metadataKey *crypto.Key, armoredCiphertext string) (string, error)
- func (c *Client) DecryptMetadataWithResourceID(resourceID, metadataKeyID string, metadataKey *crypto.Key, ...) (string, error)
- func (c *Client) DecryptSecretWithResourceID(resourceID string, armoredCiphertext string) (string, error)
- func (c *Client) DeleteComment(ctx context.Context, commentID string) error
- func (c *Client) DeleteFavorite(ctx context.Context, favoriteID string) error
- func (c *Client) DeleteFolder(ctx context.Context, folderID string) error
- func (c *Client) DeleteGroup(ctx context.Context, groupID string) error
- func (c *Client) DeleteResource(ctx context.Context, resourceID string) error
- func (c *Client) DeleteSessionKey(ctx context.Context, sessionKeyID string) error
- func (c *Client) DeleteUser(ctx context.Context, userID string) error
- func (c *Client) DeleteUserDryrun(ctx context.Context, userID string) error
- func (c *Client) DoCustomRequest(ctx context.Context, method, path, version string, body interface{}, ...) (*APIResponse, error)deprecated
- func (c *Client) DoCustomRequestAndReturnRawResponse(ctx context.Context, method, path, version string, body interface{}, ...) (*http.Response, *APIResponse, error)deprecated
- func (c *Client) DoCustomRequestAndReturnRawResponseV5(ctx context.Context, method, path string, body interface{}, opts interface{}) (*http.Response, *APIResponse, error)
- func (c *Client) DoCustomRequestV5(ctx context.Context, method, path string, body interface{}, opts interface{}) (*APIResponse, error)
- func (c *Client) EncryptMessage(message string) (string, error)
- func (c *Client) EncryptMessageWithKey(publicKey *crypto.Key, message string) (string, error)
- func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error)deprecated
- func (c *Client) EncryptMetadata(metadataKey *crypto.Key, data string) (string, error)
- func (c *Client) FetchAndCacheSessionKeys(ctx context.Context) (int, error)
- func (c *Client) GetComments(ctx context.Context, resourceID string, opts *GetCommentsOptions) ([]Comment, error)
- func (c *Client) GetDecryptedMetadataKeyCached(ctx context.Context, id string) (*crypto.Key, error)
- func (c *Client) GetFolder(ctx context.Context, folderID string, opts *GetFolderOptions) (*Folder, error)
- func (c *Client) GetFolders(ctx context.Context, opts *GetFoldersOptions) ([]Folder, error)
- func (c *Client) GetGPGKey(ctx context.Context, gpgkeyID string) (*GPGKey, error)
- func (c *Client) GetGPGKeys(ctx context.Context, opts *GetGPGKeysOptions) ([]GPGKey, error)
- func (c *Client) GetGroup(ctx context.Context, groupID string) (*Group, error)
- func (c *Client) GetGroups(ctx context.Context, opts *GetGroupsOptions) ([]Group, error)
- func (c *Client) GetHealthCheckStatus(ctx context.Context) (string, error)
- func (c *Client) GetMe(ctx context.Context) (*User, error)
- func (c *Client) GetMetadataKey(ctx context.Context, personal bool) (string, MetadataKeyType, *crypto.Key, error)
- func (c *Client) GetMetadataKeyByID(ctx context.Context, id string) (*crypto.Key, error)
- func (c *Client) GetMetadataKeys(ctx context.Context, opts *GetMetadataKeysOptions) ([]MetadataKey, error)
- func (c *Client) GetMetadataKeysCached(ctx context.Context) ([]MetadataKey, error)
- func (c *Client) GetMetadataSessionKeys(ctx context.Context) ([]MetadataSessionKey, error)
- func (c *Client) GetPGPHandle() *crypto.PGPHandle
- func (c *Client) GetPasswordExpirySettings() PasswordExpirySettings
- func (c *Client) GetPendingSessionKeys() []*PendingSessionKey
- func (c *Client) GetPendingSessionKeysCount() int
- func (c *Client) GetPublicKey(ctx context.Context) (string, string, error)
- func (c *Client) GetResource(ctx context.Context, resourceID string) (*Resource, error)
- func (c *Client) GetResourcePermissions(ctx context.Context, resourceID string) ([]Permission, error)
- func (c *Client) GetResourceType(ctx context.Context, typeID string) (*ResourceType, error)
- func (c *Client) GetResourceTypeBySlugCached(ctx context.Context, slug string) (*ResourceType, error)
- func (c *Client) GetResourceTypeCached(ctx context.Context, typeID string) (*ResourceType, error)
- func (c *Client) GetResourceTypes(ctx context.Context, opts *GetResourceTypesOptions) ([]ResourceType, error)
- func (c *Client) GetResourceTypesCached(ctx context.Context) ([]ResourceType, error)
- func (c *Client) GetResources(ctx context.Context, opts *GetResourcesOptions) ([]Resource, error)
- func (c *Client) GetRoles(ctx context.Context) ([]Role, error)
- func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error)
- func (c *Client) GetServerMetadataKeySettings(ctx context.Context) (*MetadataKeySettings, error)
- func (c *Client) GetServerMetadataTypeSettings(ctx context.Context) (*MetadataTypeSettings, error)
- func (c *Client) GetServerSettings(ctx context.Context) (*ServerSettingsResponse, error)
- func (c *Client) GetSessionKeyByMetadataKeyID(metadataKeyID string) *crypto.SessionKey
- func (c *Client) GetSessionKeyByResourceID(resourceID string) *crypto.SessionKey
- func (c *Client) GetTrustedMetadatakeyFingerprint() *string
- func (c *Client) GetUser(ctx context.Context, userID string) (*User, error)
- func (c *Client) GetUserID() string
- func (c *Client) GetUserPrivateKeyCopy() (*crypto.Key, error)
- func (c *Client) GetUsers(ctx context.Context, opts *GetUsersOptions) ([]User, error)
- func (c *Client) Login(ctx context.Context) error
- func (c *Client) Logout(ctx context.Context) error
- func (c *Client) MetadataKeySettings() MetadataKeySettings
- func (c *Client) MetadataTypeSettings() MetadataTypeSettings
- func (c *Client) MoveFolder(ctx context.Context, folderID, folderParentID string) error
- func (c *Client) MoveResource(ctx context.Context, resourceID, folderParentID string) error
- func (c *Client) PerformHealthCheck(ctx context.Context) (json.RawMessage, error)
- func (c *Client) PreDecryptAllMetadataPrivateKeys(ctx context.Context) (int, error)
- func (c *Client) PreFetchCaches(ctx context.Context) (sessionCount, metadataKeyCount int, err error)
- func (c *Client) SavePendingSessionKeys(ctx context.Context) (int, error)
- func (c *Client) SearchAROs(ctx context.Context, opts SearchAROsOptions) ([]ARO, error)
- func (c *Client) SetSessionKeyByMetadataKeyID(metadataKeyID string, sessionKey *crypto.SessionKey)
- func (c *Client) SetSessionKeyByResourceID(resourceID string, sessionKey *crypto.SessionKey)
- func (c *Client) SetTrustedMetadatakeyFingerprint(fingerprint string, signTime time.Time)
- func (c *Client) SetupComplete(ctx context.Context, userID string, request SetupCompleteRequest) error
- func (c *Client) SetupInstall(ctx context.Context, userID, token string) (*SetupInstallResponse, error)
- func (c *Client) SetupServerVerification(ctx context.Context) (string, string, error)
- func (c *Client) ShareFolder(ctx context.Context, folderID string, permissions []Permission) error
- func (c *Client) ShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) error
- func (c *Client) SimulateShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) (*ResourceShareSimulationResult, error)
- func (c *Client) UpdateComment(ctx context.Context, commentID string, comment Comment) (*Comment, error)
- func (c *Client) UpdateFolder(ctx context.Context, folderID string, folder Folder) (*Folder, error)
- func (c *Client) UpdateGroup(ctx context.Context, groupID string, update GroupUpdate) (*Group, error)
- func (c *Client) UpdateGroupDryRun(ctx context.Context, groupID string, update GroupUpdate) (*UpdateGroupDryRunResult, error)
- func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource Resource) (*Resource, error)
- func (c *Client) UpdateSessionKeysBundle(ctx context.Context, bundleID string, encryptedData string, modified Time) (*MetadataSessionKey, error)
- func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*User, error)
- func (c *Client) VerifyServer(ctx context.Context, token, encToken string) error
- type Comment
- type Favorite
- type Folder
- type ForeignModelTypes
- type GPGAuth
- type GPGKey
- type GPGVerify
- type GPGVerifyContainer
- type GetCommentsOptions
- type GetFolderOptions
- type GetFoldersOptions
- type GetGPGKeysOptions
- type GetGroupsOptions
- type GetMetadataKeysOptions
- type GetResourceTypesOptions
- type GetResourcesOptions
- type GetUsersOptions
- type Group
- type GroupJoinData
- type GroupMembership
- type GroupSecret
- type GroupUpdate
- type GroupUser
- type Login
- type MFAChallenge
- type MFAChallengeResponse
- type MFAProviders
- type MetadataKey
- type MetadataKeySettings
- type MetadataKeyType
- type MetadataPrivateKey
- type MetadataPrivateKeyData
- type MetadataSessionKey
- type MetadataSessionKeyData
- type MetadataSessionKeyDataElement
- type MetadataTypeSettings
- type PassboltAPIVersionType
- type PasswordExpirySettings
- type PendingSessionKey
- type Permission
- type Profile
- type PublicKeyReponse
- type Resource
- type ResourceShareRequest
- type ResourceShareSimulationChange
- type ResourceShareSimulationChanges
- type ResourceShareSimulationResult
- type ResourceShareSimulationUser
- type ResourceType
- type ResourceTypeSchema
- type Role
- type SearchAROsOptions
- type Secret
- type SecretDataTOTP
- type SecretDataTypePasswordAndDescriptiondeprecated
- type SecretDataTypePasswordDescriptionTOTPdeprecated
- type SecretDataTypeTOTPdeprecated
- type SecretDataTypeV5Defaultdeprecated
- type SecretDataTypeV5DefaultWithTOTPdeprecated
- type SecretDataTypeV5PasswordStringdeprecated
- type SecretDataTypeV5TOTPStandalonedeprecated
- type ServerPassboltPluginSettings
- type ServerPassboltSettings
- type ServerSettingsResponse
- type SetupCompleteRequest
- type SetupInstallResponse
- type Tag
- type Time
- type URL
- type UpdateGroupDryRun
- type UpdateGroupDryRunResult
- type UpdateGroupDryRunSecretsNeeded
- type UpdateGroupSecretsNeededContainer
- type User
Constants ¶
const ( ForeignModelTypesResource ForeignModelTypes = "Resource" ForeignModelTypesSecret ForeignModelTypes = "Secret" ForeignModelTypesFolder = "Folder" ForeignModelTypesComment = "Comment" ForeignModelTypesTag = "Tag" )
const PassboltObjectTypeResourceMetadata = "PASSBOLT_RESOURCE_METADATA"
const PassboltObjectTypeSecretData = "PASSBOLT_SECRET_DATA"
const UserLocaleENUK = "en-UK"
Variables ¶
var ( // Authentication & session errors ErrNoPrivateKey = errors.New("client has no user private key") ErrSessionNotFound = errors.New("cannot find session cookie") ErrEmptyAuthToken = errors.New("got empty X-GPGAuth-User-Auth-Token header") ErrMFAFailed = errors.New("MFA challenge failed") ErrMFACallbackMissing = errors.New("MFA callback is not defined") // Data lookup errors ErrResourceTypeNotFound = errors.New("resource type not found") ErrMetadataKeyNotFound = errors.New("metadata key not found") ErrNoMetadataPrivateKey = errors.New("no metadata private key for user") ErrInvalidUUID = errors.New("UUID is not in valid format") )
var ErrAPIResponseErrorStatusCode = errors.New("error API JSON Response Status")
ErrAPIResponseErrorStatusCode indicates the API returned an error status.
Deprecated: Use errors.As with *APIError instead.
var ErrAPIResponseUnknownStatusCode = errors.New("unknown API JSON Response Status")
ErrAPIResponseUnknownStatusCode indicates the API returned an unknown status.
Deprecated: Use errors.As with *APIError instead.
var ResourceSchemas = map[string]json.RawMessage{ "v5-default": json.RawMessage(` { "resource": { "type": "object", "required": ["name"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_RESOURCE_METADATA"] }, "resource_type_id": { "type": "string" }, "name": { "type": "string", "maxLength": 255 }, "username": { "type": ["string", "null"], "maxLength": 255 }, "uris": { "type": "array", "items": { "type": "string", "maxLength": 1024 } }, "description": { "type": ["string", "null"], "maxLength": 10000 } } }, "secret": { "type": "object", "required": ["password"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_SECRET_DATA"] }, "password": { "type": ["string", "null"], "maxLength": 4096 }, "description": { "type": ["string", "null"], "maxLength": 10000 } } } }`), "v5-password-string": json.RawMessage(` { "resource": { "type": "object", "required": ["name"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_RESOURCE_METADATA"] }, "resource_type_id": { "type": "string" }, "name": { "type": "string", "maxLength": 255 }, "username": { "type": ["string", "null"], "maxLength": 255 }, "uris": { "type": "array", "items": { "type": "string", "maxLength": 1024 } }, "description": { "type": ["string", "null"], "maxLength": 10000 } } }, "secret": { "type": "string", "maxLength": 4096 } }`), "v5-default-with-totp": json.RawMessage(` { "resource": { "type": "object", "required": ["name"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_RESOURCE_METADATA"] }, "resource_type_id": { "type": "string" }, "name": { "type": "string", "maxLength": 255 }, "username": { "type": ["string", "null"], "maxLength": 255 }, "uris": { "type": "array", "items": { "type": "string", "maxLength": 1024 } }, "description": { "type": ["string", "null"], "maxLength": 10000 } } }, "secret": { "type": "object", "required": ["totp"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_SECRET_DATA"] }, "password": { "type": ["string", "null"], "maxLength": 4096 }, "description": { "type": ["string", "null"], "maxLength": 10000 }, "totp": { "type": "object", "required": ["secret_key", "digits", "algorithm"], "properties": { "algorithm": { "type": "string", "minLength": 4, "maxLength": 6 }, "secret_key": { "type": "string", "maxLength": 1024 }, "digits": { "type": "number", "minimum": 6, "maximum": 8 }, "period": { "type": "number" } } } } } }`), "v5-totp-standalone": json.RawMessage(` { "resource": { "type": "object", "required": ["name"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_RESOURCE_METADATA"] }, "resource_type_id": { "type": "string" }, "name": { "type": "string", "maxLength": 255 }, "uris": { "type": "array", "items": { "type": "string", "maxLength": 1024 } }, "description": { "type": ["string", "null"], "maxLength": 10000 } } }, "secret": { "type": "object", "required": ["totp"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_SECRET_DATA"] }, "totp": { "type": "object", "required": ["secret_key", "digits", "algorithm"], "properties": { "algorithm": { "type": "string", "minLength": 4, "maxLength": 6 }, "secret_key": { "type": "string", "maxLength": 1024 }, "digits": { "type": "number", "minimum": 6, "maximum": 8 }, "period": { "type": "number" } } } } } }`), "v5-custom-fields": json.RawMessage(` { "resource": { "type": "object", "required": ["name", "custom_fields"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_RESOURCE_METADATA"] }, "resource_type_id": { "type": "string" }, "name": { "type": "string", "maxLength": 255 }, "uris": { "type": "array", "items": { "type": "string", "maxLength": 1024 } }, "description": { "type": ["string", "null"], "maxLength": 10000 }, "custom_fields": { "type": "array", "maxItems": 128, "items": { "type": "object", "required": ["id", "type"], "properties": { "id": { "type": "string" }, "type": { "type": "string", "enum": ["text", "password", "boolean", "number", "uri"] }, "metadata_key": { "type": ["string", "null"] }, "metadata_value": {} } } } } }, "secret": { "type": "object", "required": ["custom_fields"], "additionalProperties": false, "properties": { "object_type": { "type": "string", "enum": ["PASSBOLT_SECRET_DATA"] }, "custom_fields": { "type": "array", "maxItems": 128, "items": { "type": "object", "required": ["id", "type"], "properties": { "id": { "type": "string" }, "type": { "type": "string", "enum": ["text", "password", "boolean", "number", "uri"] }, "secret_key": { "type": ["string", "null"] }, "secret_value": {} } } } } } }`), }
ResourceSchemas is a fallback schema, only to be used if we encounter a broken server (v5.0). Not API stable!
Functions ¶
func FormatSessionKey ¶ added in v0.8.0
func FormatSessionKey(sk *crypto.SessionKey) string
FormatSessionKey converts a crypto.SessionKey to the server format "9:HEXHEX..."
Types ¶
type APIError ¶ added in v0.8.0
APIError represents a structured error from the Passbolt API response. It carries the HTTP status code, server message, and response body, allowing consumers to inspect error details programmatically via errors.As.
type APIHeader ¶
type APIHeader struct {
ID string `json:"id"`
Status string `json:"status"`
Servertime int `json:"servertime"`
Action string `json:"action"`
Message string `json:"message"`
URL string `json:"url"`
Code int `json:"code"`
}
APIHeader is the Struct representation of the Header of a APIResponse
type APIResponse ¶
type APIResponse struct {
Header APIHeader `json:"header"`
Body json.RawMessage `json:"body"`
}
APIResponse is the Struct representation of a Json Response
type ARO ¶
ARO is a User or a Group
func (ARO) MarshalJSON ¶ added in v0.8.0
MarshalJSON implements custom marshaling for ARO. It marshals the User if Username is set, otherwise the Group.
func (*ARO) UnmarshalJSON ¶ added in v0.8.0
UnmarshalJSON implements custom unmarshaling for ARO. The API returns a flat array mixing User and Group objects, so we detect the type by checking for distinguishing fields.
type AuthenticationToken ¶
type AuthenticationToken struct {
Token string `json:"token,omitempty"`
}
type Avatar ¶
type Avatar struct {
ID string `json:"id,omitempty"`
UserID string `json:"user_id,omitempty"`
ForeignKey string `json:"foreign_key,omitempty"`
Model string `json:"model,omitempty"`
Filename string `json:"filename,omitempty"`
Filesize int `json:"filesize,omitempty"`
MimeType string `json:"mime_type,omitempty"`
Extension string `json:"extension,omitempty"`
Hash string `json:"hash,omitempty"`
Path string `json:"path,omitempty"`
Adapter string `json:"adapter,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
URL *URL `json:"url,omitempty"`
}
Avatar is a Users Avatar
type Client ¶
type Client struct {
// MetadataKeyUpdatedCallback is Called by the Client when the Metadatakey has changed
// trusted shows if this key has been signed and thus been trusted by another client of this user
// the consumer should prompt the user about the keychange and save the new fingerprint (may be skipped if it is trusted).
// If no error is returned then the new key will be accepted and its fingerprint set in the client
MetadataKeyUpdatedCallback func(ctx context.Context, trusted bool, fingerprint string, signTime time.Time) error
// used for solving MFA challenges. You can block this to for example wait for user input.
// You shouden't run any unrelated API Calls while you are in this callback.
// You need to Return the Cookie that Passbolt expects to verify you MFA, usually it is called passbolt_mfa
MFACallback func(ctx context.Context, c *Client, res *APIResponse) (http.Cookie, error)
// Enable Debug Logging
Debug bool
// contains filtered or unexported fields
}
Client is a Client struct for the Passbolt api. The Client is thread-safe for concurrent use. All crypto operations and cache access are protected by internal mutexes.
func NewClient ¶
func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, UserPassword string) (*Client, error)
NewClient Returns a new Passbolt Client. if httpClient is nil http.DefaultClient will be used. if UserAgent is "" "goPassboltClient/1.0" will be used. if UserPrivateKey is "" Key Setup is Skipped to Enable using the Client for User Registration, Most other function will be broken. After Registration a new Client Should be Created.
func (*Client) AddPendingSessionKey ¶ added in v0.8.0
func (c *Client) AddPendingSessionKey(foreignModel ForeignModelTypes, foreignID string, sessionKey *crypto.SessionKey)
AddPendingSessionKey adds a session key to the pending list for later saving
func (*Client) CheckSession ¶
CheckSession Check to see if you have a Valid Session
func (*Client) ClearCache ¶ added in v0.8.0
func (c *Client) ClearCache()
ClearCache clears all cached data
func (*Client) ClearMetadataKeysCache ¶ added in v0.8.0
func (c *Client) ClearMetadataKeysCache()
ClearMetadataKeysCache clears the metadata keys cache with secure memory zeroing
func (*Client) ClearResourceTypesCache ¶ added in v0.8.0
func (c *Client) ClearResourceTypesCache()
ClearResourceTypesCache clears the resource types cache
func (*Client) ClearSessionKeyCache ¶ added in v0.8.0
func (c *Client) ClearSessionKeyCache()
ClearSessionKeyCache clears the session key cache with secure memory zeroing
func (*Client) CreateComment ¶
func (c *Client) CreateComment(ctx context.Context, resourceID string, comment Comment) (*Comment, error)
CreateComment Creates a new Passbolt Comment
func (*Client) CreateFavorite ¶
CreateFavorite Creates a new Passbolt Favorite for the given Resource ID
func (*Client) CreateFolder ¶
CreateFolder Creates a new Passbolt Folder
func (*Client) CreateGroup ¶
CreateGroup Creates a new Passbolt Group
func (*Client) CreateResource ¶
CreateResource Creates a new Passbolt Resource
func (*Client) CreateSessionKeysBundle ¶ added in v0.8.0
func (c *Client) CreateSessionKeysBundle(ctx context.Context, encryptedData string) (*MetadataSessionKey, error)
CreateSessionKeysBundle creates a new session keys bundle on the server
func (*Client) CreateUser ¶
CreateUser Creates a new Passbolt User
func (*Client) DecryptMessage ¶
DecryptMessage decrypts a message using the users Private Key. This method is thread-safe.
func (*Client) DecryptMessageWithPrivateKeyAndReturnSessionKey ¶ added in v0.8.0
func (c *Client) DecryptMessageWithPrivateKeyAndReturnSessionKey(privateKey *crypto.Key, armoredCiphertext string) (string, *crypto.SessionKey, error)
DecryptMessageWithPrivateKeyAndReturnSessionKey decrypts a message using the provided private key. Returns the session key so that it can be saved in a cache. This method is thread-safe.
func (*Client) DecryptMessageWithSessionKey ¶ added in v0.8.0
func (c *Client) DecryptMessageWithSessionKey(sessionKey *crypto.SessionKey, ciphertextArmored string) (string, error)
DecryptMessageWithSessionKey Decrypts a Message using the Provided Session Key
func (*Client) DecryptMetadata ¶ added in v0.8.0
DecryptMetadata decrypts metadata using the provided key. For session key caching, use DecryptMetadataWithKeyID instead.
func (*Client) DecryptMetadataWithKeyID ¶ added in v0.8.0
func (c *Client) DecryptMetadataWithKeyID(metadataKeyID string, metadataKey *crypto.Key, armoredCiphertext string) (string, error)
DecryptMetadataWithKeyID decrypts metadata using the provided key and caches the session key. The metadataKeyID is used as the cache key for session key caching. If metadataKeyID is empty, session key caching is disabled. For resource-aware caching (using pre-fetched session keys), use DecryptMetadataWithResourceID instead. This method is thread-safe: multiple goroutines can call this method concurrently with the same metadataKey.
func (*Client) DecryptMetadataWithResourceID ¶ added in v0.8.0
func (c *Client) DecryptMetadataWithResourceID(resourceID, metadataKeyID string, metadataKey *crypto.Key, armoredCiphertext string) (string, error)
DecryptMetadataWithResourceID decrypts metadata with resource-aware session key caching. It first checks for a pre-fetched session key by resource ID (from metadata_session_keys table), then falls back to metadata key ID cache, and finally to full asymmetric decryption. This function provides the best performance when PreFetchCaches() has been called. This method is thread-safe: multiple goroutines can call this method concurrently with the same metadataKey.
func (*Client) DecryptSecretWithResourceID ¶ added in v0.8.0
func (c *Client) DecryptSecretWithResourceID(resourceID string, armoredCiphertext string) (string, error)
DecryptSecretWithResourceID decrypts a secret using the user's private key. Secrets are always encrypted per-user, so no session key caching is needed. Session key caching is only used for metadata decryption (shared metadata keys).
func (*Client) DeleteComment ¶
DeleteComment Deletes a Passbolt Comment
func (*Client) DeleteFavorite ¶
DeleteFavorite Deletes a Passbolt Favorite
func (*Client) DeleteFolder ¶
DeleteFolder Deletes a Passbolt Folder
func (*Client) DeleteGroup ¶
DeleteGroup Deletes a Passbolt Group
func (*Client) DeleteResource ¶
DeleteResource Deletes a Passbolt Resource
func (*Client) DeleteSessionKey ¶ added in v0.8.0
DeleteSessionKey Deletes a Passbolt SessionKey
func (*Client) DeleteUser ¶
DeleteUser Deletes a Passbolt User
func (*Client) DeleteUserDryrun ¶
DeleteUserDryrun Check if a Passbolt User is Deleteable
func (*Client) DoCustomRequest
deprecated
func (*Client) DoCustomRequestAndReturnRawResponse
deprecated
func (c *Client) DoCustomRequestAndReturnRawResponse(ctx context.Context, method, path, version string, body interface{}, opts interface{}) (*http.Response, *APIResponse, error)
DoCustomRequestAndReturnRawResponse Executes a Custom Request and returns a APIResponse and the Raw HTTP Response
Deprecated: DoCustomRequestAndReturnRawResponse is deprecated. Use DoCustomRequestAndReturnRawResponseV5 instead
func (*Client) DoCustomRequestAndReturnRawResponseV5 ¶ added in v0.8.0
func (*Client) DoCustomRequestV5 ¶ added in v0.8.0
func (c *Client) DoCustomRequestV5(ctx context.Context, method, path string, body interface{}, opts interface{}) (*APIResponse, error)
DoCustomRequestV5 Executes a Custom Request and returns a APIResponse
func (*Client) EncryptMessage ¶
EncryptMessage encrypts a message using the users public key and then signes the message using the users private key. This method is thread-safe.
func (*Client) EncryptMessageWithKey ¶ added in v0.8.0
EncryptMessageWithKey encrypts a message using the provided key and then signes the message using the users private key. This method is thread-safe.
func (*Client) EncryptMessageWithPublicKey
deprecated
EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key
Deprecated: EncryptMessageWithPublicKey is deprecated. Use EncryptMessageWithKey instead
func (*Client) EncryptMetadata ¶ added in v0.8.0
func (*Client) FetchAndCacheSessionKeys ¶ added in v0.8.0
FetchAndCacheSessionKeys fetches all metadata session keys from the server, decrypts the PGP message, and caches all per-resource session keys. The metadata_session_keys table contains ONE row per user with a SINGLE PGP message that, when decrypted, contains ALL session keys for all resources the user can access. Returns the number of session keys cached.
func (*Client) GetComments ¶
func (c *Client) GetComments(ctx context.Context, resourceID string, opts *GetCommentsOptions) ([]Comment, error)
GetComments gets all Passbolt Comments an The Specified Resource
func (*Client) GetDecryptedMetadataKeyCached ¶ added in v0.8.0
GetDecryptedMetadataKeyCached returns a copy of a cached decrypted metadata key by ID. If not in cache, it will fetch and decrypt the key.
The returned key is a copy that the caller owns and can use without synchronization. This allows multiple goroutines to decrypt metadata concurrently without contention.
func (*Client) GetFolder ¶
func (c *Client) GetFolder(ctx context.Context, folderID string, opts *GetFolderOptions) (*Folder, error)
GetFolder gets a Passbolt Folder
func (*Client) GetFolders ¶
GetFolders gets all Folders from the Passboltserver
func (*Client) GetGPGKeys ¶
GetGPGKeys gets all Passbolt GPGKeys
func (*Client) GetHealthCheckStatus ¶
GetHealthCheckStatus gets the Server Status
func (*Client) GetMetadataKey ¶ added in v0.8.0
func (c *Client) GetMetadataKey(ctx context.Context, personal bool) (string, MetadataKeyType, *crypto.Key, error)
GetMetadataKey gets a Metadata key, Personal indicates if the function should return the personal key, If personal keys have been disabled on the server then we return the shared key Returns the Key ID, Key Type and the Key itself
func (*Client) GetMetadataKeyByID ¶ added in v0.8.0
GetMetadataKeyByID is for fetching a specific metadatakey if needed for decryption, these are not verified.
func (*Client) GetMetadataKeys ¶ added in v0.8.0
func (c *Client) GetMetadataKeys(ctx context.Context, opts *GetMetadataKeysOptions) ([]MetadataKey, error)
GetMetadataKeys gets all Passbolt GetMetadataKeys
func (*Client) GetMetadataKeysCached ¶ added in v0.8.0
func (c *Client) GetMetadataKeysCached(ctx context.Context) ([]MetadataKey, error)
GetMetadataKeysCached returns cached metadata keys, fetching from API if cache is empty
func (*Client) GetMetadataSessionKeys ¶ added in v0.8.0
func (c *Client) GetMetadataSessionKeys(ctx context.Context) ([]MetadataSessionKey, error)
GetMetadataSessionKeys gets the Metadata Session Keys
func (*Client) GetPGPHandle ¶ added in v0.8.0
GetPGPHandle Gets the Gopgenpgp Handler
func (*Client) GetPasswordExpirySettings ¶ added in v0.8.0
func (c *Client) GetPasswordExpirySettings() PasswordExpirySettings
GetPasswordExpirySettings returns the password expiry settings for the client
func (*Client) GetPendingSessionKeys ¶ added in v0.8.0
func (c *Client) GetPendingSessionKeys() []*PendingSessionKey
GetPendingSessionKeys returns all pending session keys and clears the pending list
func (*Client) GetPendingSessionKeysCount ¶ added in v0.8.0
GetPendingSessionKeysCount returns the number of pending session keys without clearing
func (*Client) GetPublicKey ¶
GetPublicKey gets the Public Key and Fingerprint of the Passbolt instance
func (*Client) GetResource ¶
GetResource gets a Passbolt Resource
func (*Client) GetResourcePermissions ¶
func (c *Client) GetResourcePermissions(ctx context.Context, resourceID string) ([]Permission, error)
GetResourcePermissions gets a Resources Permissions
func (*Client) GetResourceType ¶
GetResourceType gets a Passbolt Type
func (*Client) GetResourceTypeBySlugCached ¶ added in v0.8.0
func (c *Client) GetResourceTypeBySlugCached(ctx context.Context, slug string) (*ResourceType, error)
GetResourceTypeBySlugCached returns a cached resource type by slug
func (*Client) GetResourceTypeCached ¶ added in v0.8.0
GetResourceTypeCached returns a cached resource type by ID, fetching from API if not in cache
func (*Client) GetResourceTypes ¶
func (c *Client) GetResourceTypes(ctx context.Context, opts *GetResourceTypesOptions) ([]ResourceType, error)
GetResourceTypes gets all Passbolt Resource Types
func (*Client) GetResourceTypesCached ¶ added in v0.8.0
func (c *Client) GetResourceTypesCached(ctx context.Context) ([]ResourceType, error)
GetResourceTypesCached returns cached resource types, fetching from API if cache is empty
func (*Client) GetResources ¶
GetResources gets all Passbolt Resources
func (*Client) GetServerMetadataKeySettings ¶ added in v0.8.0
func (c *Client) GetServerMetadataKeySettings(ctx context.Context) (*MetadataKeySettings, error)
GetServerMetadataKeySettings gets the Servers Settings about which Key to use, usually you should use MetadataKeySettings instead
func (*Client) GetServerMetadataTypeSettings ¶ added in v0.8.0
func (c *Client) GetServerMetadataTypeSettings(ctx context.Context) (*MetadataTypeSettings, error)
GetServerMetadataTypeSettings gets the Servers Settings about which Types to use, usually you should use MetadataTypeSettings instead
func (*Client) GetServerSettings ¶ added in v0.8.0
func (c *Client) GetServerSettings(ctx context.Context) (*ServerSettingsResponse, error)
GetServerSettings gets the Server Settings
func (*Client) GetSessionKeyByMetadataKeyID ¶ added in v0.8.0
func (c *Client) GetSessionKeyByMetadataKeyID(metadataKeyID string) *crypto.SessionKey
GetSessionKeyByMetadataKeyID retrieves a cached session key by metadata key ID. These session keys are extracted during decrypt and cached as fallback. Returns a clone of the cached key to prevent callers from modifying the cache.
func (*Client) GetSessionKeyByResourceID ¶ added in v0.8.0
func (c *Client) GetSessionKeyByResourceID(resourceID string) *crypto.SessionKey
GetSessionKeyByResourceID retrieves a cached session key by resource ID. These session keys come from the metadata_session_keys table. Returns a clone of the cached key to prevent callers from modifying the cache.
func (*Client) GetTrustedMetadatakeyFingerprint ¶ added in v0.8.0
GetTrustedMetadatakeyFingerprint returns the trusted metadata key fingerprint.
func (*Client) GetUserPrivateKeyCopy ¶ added in v0.8.0
GetUserPrivateKeyCopy returns a copy of the user's private key. This method is thread-safe.
func (*Client) Login ¶
Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar. This method is thread-safe.
func (*Client) Logout ¶
Logout closes the current Session on the Passbolt server. IMPORTANT: After logout, the client's user private key is securely zeroed and cleared. The client becomes permanently invalid and CANNOT be reused or re-logged in. For a new session, create a new client instance with NewClient(). This method is thread-safe.
func (*Client) MetadataKeySettings ¶ added in v0.8.0
func (c *Client) MetadataKeySettings() MetadataKeySettings
MetadataKeySettings Gives the Current MetadataKeySettings
func (*Client) MetadataTypeSettings ¶ added in v0.8.0
func (c *Client) MetadataTypeSettings() MetadataTypeSettings
MetadataTypeSettings Gives the Current MetadataTypeSettings
func (*Client) MoveFolder ¶
MoveFolder Moves a Passbolt Folder
func (*Client) MoveResource ¶
MoveResource Moves a Passbolt Resource
func (*Client) PerformHealthCheck ¶
PerformHealthCheck performs a Health Check
func (*Client) PreDecryptAllMetadataPrivateKeys ¶ added in v0.8.0
PreDecryptAllMetadataPrivateKeys pre-decrypts all metadata private keys and caches them. This is typically called during login to avoid lazy decryption later. Returns the number of keys decrypted.
func (*Client) PreFetchCaches ¶ added in v0.8.0
func (c *Client) PreFetchCaches(ctx context.Context) (sessionCount, metadataKeyCount int, err error)
PreFetchCaches pre-fetches and caches session keys and metadata private keys. This should be called after Login() when the server supports v5 metadata. Returns the count of session keys cached, metadata keys decrypted, and any error.
func (*Client) SavePendingSessionKeys ¶ added in v0.8.0
SavePendingSessionKeys saves all pending session keys to the server. It fetches existing bundles, merges with pending keys, encrypts, and saves. Returns the number of session keys saved.
func (*Client) SearchAROs ¶
SearchAROs gets all Passbolt AROs
func (*Client) SetSessionKeyByMetadataKeyID ¶ added in v0.8.0
func (c *Client) SetSessionKeyByMetadataKeyID(metadataKeyID string, sessionKey *crypto.SessionKey)
SetSessionKeyByMetadataKeyID stores a session key for a metadata key ID
func (*Client) SetSessionKeyByResourceID ¶ added in v0.8.0
func (c *Client) SetSessionKeyByResourceID(resourceID string, sessionKey *crypto.SessionKey)
SetSessionKeyByResourceID stores a session key for a specific resource ID
func (*Client) SetTrustedMetadatakeyFingerprint ¶ added in v0.8.0
SetTrustedMetadatakeyFingerprint sets the trusted metadata key fingerprint.
func (*Client) SetupComplete ¶
func (c *Client) SetupComplete(ctx context.Context, userID string, request SetupCompleteRequest) error
SetupComplete Completes setup of a Passbolt Account
func (*Client) SetupInstall ¶
func (c *Client) SetupInstall(ctx context.Context, userID, token string) (*SetupInstallResponse, error)
SetupInstall validates the userid and token used for Account setup, gives back the User Information
func (*Client) SetupServerVerification ¶
SetupServerVerification sets up Server Verification, Only works before login
func (*Client) ShareFolder ¶
ShareFolder Shares a Folder with AROs
func (*Client) ShareResource ¶
func (c *Client) ShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) error
ShareResource Shares a Resource with AROs
func (*Client) SimulateShareResource ¶
func (c *Client) SimulateShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) (*ResourceShareSimulationResult, error)
SimulateShareResource Simulates Shareing a Resource with AROs
func (*Client) UpdateComment ¶
func (c *Client) UpdateComment(ctx context.Context, commentID string, comment Comment) (*Comment, error)
UpdateComment Updates a existing Passbolt Comment
func (*Client) UpdateFolder ¶
UpdateFolder Updates a existing Passbolt Folder
func (*Client) UpdateGroup ¶
func (c *Client) UpdateGroup(ctx context.Context, groupID string, update GroupUpdate) (*Group, error)
UpdateGroup Updates a existing Passbolt Group
func (*Client) UpdateGroupDryRun ¶
func (c *Client) UpdateGroupDryRun(ctx context.Context, groupID string, update GroupUpdate) (*UpdateGroupDryRunResult, error)
UpdateGroupDryRun Checks that a Passbolt Group update passes validation
func (*Client) UpdateResource ¶
func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource Resource) (*Resource, error)
UpdateResource Updates a existing Passbolt Resource
func (*Client) UpdateSessionKeysBundle ¶ added in v0.8.0
func (c *Client) UpdateSessionKeysBundle(ctx context.Context, bundleID string, encryptedData string, modified Time) (*MetadataSessionKey, error)
UpdateSessionKeysBundle updates an existing session keys bundle on the server. The modified parameter is required for optimistic locking - it must match the current modified timestamp on the server to prevent concurrent modifications.
func (*Client) UpdateUser ¶
UpdateUser Updates a existing Passbolt User
type Comment ¶
type Comment struct {
ID string `json:"id,omitempty"`
ParentID string `json:"parent_id,omitempty"`
ForeignKey string `json:"foreign_key,omitempty"`
Content string `json:"content,omitempty"`
ForeignModel string `json:"foreign_model,omitempty"`
Created *Time `json:"created,omitempty"`
CreatedBy string `json:"created_by,omitempty"`
UserID string `json:"user_id,omitempty"`
Description string `json:"description,omitempty"`
Modified *Time `json:"modified,omitempty"`
ModifiedBy string `json:"modified_by,omitempty"`
Children []Comment `json:"children,omitempty"`
}
Comment is a Comment
type Favorite ¶
type Favorite struct {
ID string `json:"id,omitempty"`
Created *Time `json:"created,omitempty"`
ForeignKey string `json:"foreign_key,omitempty"`
ForeignModel string `json:"foreign_model,omitempty"`
Modified *Time `json:"modified,omitempty"`
}
Favorite is a Favorite
type Folder ¶
type Folder struct {
ID string `json:"id,omitempty"`
Created *Time `json:"created,omitempty"`
CreatedBy string `json:"created_by,omitempty"`
Modified *Time `json:"modified,omitempty"`
ModifiedBy string `json:"modified_by,omitempty"`
Name string `json:"name,omitempty"`
Permissions []Permission `json:"permissions,omitempty"`
FolderParentID string `json:"folder_parent_id,omitempty"`
Personal bool `json:"personal,omitempty"`
ChildrenResources []Resource `json:"children_resources,omitempty"`
ChildrenFolders []Folder `json:"children_folders,omitempty"`
}
Folder is a Folder
type ForeignModelTypes ¶ added in v0.8.0
type ForeignModelTypes string
func (ForeignModelTypes) IsValid ¶ added in v0.8.0
func (s ForeignModelTypes) IsValid() bool
type GPGAuth ¶
type GPGAuth struct {
KeyID string `json:"keyid"`
Token string `json:"user_token_result,omitempty"`
}
GPGAuth is used for login
type GPGKey ¶
type GPGKey struct {
ID string `json:"id,omitempty"`
ArmoredKey string `json:"armored_key,omitempty"`
Created *Time `json:"created,omitempty"`
KeyCreated *Time `json:"key_created,omitempty"`
Bits int `json:"bits,omitempty"`
Deleted bool `json:"deleted,omitempty"`
Modified *Time `json:"modified,omitempty"`
KeyID string `json:"key_id,omitempty"`
Fingerprint string `json:"fingerprint,omitempty"`
Type string `json:"type,omitempty"`
Expires *Time `json:"expires,omitempty"`
UserID string `json:"user_id,omitempty"`
UID string `json:"uid,omitempty"`
}
GPGKey is a GPGKey
type GPGVerify ¶
type GPGVerify struct {
KeyID string `json:"keyid"`
Token string `json:"server_verify_token,omitempty"`
}
GPGVerify is used for verification
type GPGVerifyContainer ¶
type GPGVerifyContainer struct {
Req GPGVerify `json:"gpg_auth"`
}
GPGVerifyContainer is used for verification
type GetCommentsOptions ¶
type GetCommentsOptions struct {
ContainCreator bool `url:"contain[creator],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"`
}
GetCommentsOptions are all available query parameters
type GetFolderOptions ¶
type GetFolderOptions struct {
ContainChildrenResources bool `url:"contain[children_resources],omitempty"`
ContainChildrenFolders bool `url:"contain[children_folders],omitempty"`
ContainCreator bool `url:"contain[creator],omitempty"`
ContainCreatorProfile bool `url:"contain[creator.profile],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"`
ContainModiferProfile bool `url:"contain[modifier.profile],omitempty"`
ContainPermission bool `url:"contain[permission],omitempty"`
ContainPermissions bool `url:"contain[permissions],omitempty"`
ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
ContainPermissionGroup bool `url:"contain[permissions.group],omitempty"`
}
GetFolderOptions are all available query parameters
type GetFoldersOptions ¶
type GetFoldersOptions struct {
ContainChildrenResources bool `url:"contain[children_resources],omitempty"`
ContainChildrenFolders bool `url:"contain[children_folders],omitempty"`
ContainCreator bool `url:"contain[creator],omitempty"`
ContainCreatorProfile bool `url:"contain[creator.profile],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"`
ContainModiferProfile bool `url:"contain[modifier.profile],omitempty"`
ContainPermission bool `url:"contain[permission],omitempty"`
ContainPermissions bool `url:"contain[permissions],omitempty"`
ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
ContainPermissionGroup bool `url:"contain[permissions.group],omitempty"`
FilterHasID []string `url:"filter[has-id][],omitempty"`
FilterHasParent []string `url:"filter[has-parent][],omitempty"`
FilterSearch string `url:"filter[search],omitempty"`
}
GetFoldersOptions are all available query parameters
type GetGPGKeysOptions ¶
type GetGPGKeysOptions struct {
// This is a Unix TimeStamp
FilterModifiedAfter int `url:"filter[modified-after],omitempty"`
}
GetGPGKeysOptions are all available query parameters
type GetGroupsOptions ¶
type GetGroupsOptions struct {
FilterHasUsers []string `url:"filter[has_users],omitempty"`
FilterHasManagers []string `url:"filter[has-managers],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"`
ContainModifierProfile bool `url:"contain[modifier.profile],omitempty"`
ContainMyGroupUser bool `url:"contain[my_group_user],omitempty"`
ContainUsers bool `url:"contain[users],omitempty"`
ContainGroupsUsers bool `url:"contain[groups_users],omitempty"`
ContainGroupsUsersUser bool `url:"contain[groups_users.user],omitempty"`
ContainGroupsUsersUserProfile bool `url:"contain[groups_users.user.profile],omitempty"`
ContainGroupsUsersUserGPGKey bool `url:"contain[groups_users.user.gpgkey],omitempty"`
}
GetGroupsOptions are all available query parameters
type GetMetadataKeysOptions ¶ added in v0.8.0
type GetMetadataKeysOptions struct {
FilterDeleted bool `url:"filter[deleted],omitempty"`
FilterExpired bool `url:"filter[expired],omitempty"`
ContainMetadataPrivateKeys bool `url:"contain[metadata_private_keys],omitempty"`
}
GetMetadataKeysOptions are all available query parameters
type GetResourceTypesOptions ¶
type GetResourceTypesOptions struct {
}
GetResourceTypesOptions is a placeholder for future options
type GetResourcesOptions ¶
type GetResourcesOptions struct {
FilterIsFavorite bool `url:"filter[is-favorite],omitempty"`
FilterIsOwnedByMe bool `url:"filter[is-owned-by-me],omitempty"`
FilterHasID []string `url:"filter[has-id][],omitempty"`
// Parent Folder id
FilterHasParent []string `url:"filter[has-parent][],omitempty"`
FilterHasTag string `url:"filter[has-tag],omitempty"`
// TODO Are undescores correct heare?
MetadataKeyType MetadataKeyType `url:"filter[metadata_key_type],omitempty"`
ContainCreator bool `url:"contain[creator],omitempty"`
ContainFavorites bool `url:"contain[favorite],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"`
ContainSecret bool `url:"contain[secret],omitempty"`
ContainResourceType bool `url:"contain[resource-type],omitempty"`
ContainPermissions bool `url:"contain[permission],omitempty"`
ContainPermissionsUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
ContainPermissionsGroup bool `url:"contain[permissions.group],omitempty"`
ContainTags bool `url:"contain[tag],omitempty"`
}
GetResourcesOptions are all available query parameters
type GetUsersOptions ¶
type GetUsersOptions struct {
FilterSearch string `url:"filter[search],omitempty"`
FilterHasGroup []string `url:"filter[has-group][],omitempty"`
FilterHasAccess []string `url:"filter[has-access][],omitempty"`
FilterIsAdmin bool `url:"filter[is-admin],omitempty"`
// Admin only, TODO are underscores correct?
MissingMetadataKeyIDs bool `url:"filter[missing_metadata_key_ids],omitempty"`
ContainLastLoggedIn bool `url:"contain[LastLoggedIn],omitempty"`
}
GetUsersOptions are all available query parameters
type Group ¶
type Group struct {
ID string `json:"id,omitempty"`
Name string `json:"name,omitempty"`
Created *Time `json:"created,omitempty"`
CreatedBy string `json:"created_by,omitempty"`
Deleted bool `json:"deleted,omitempty"`
Modified *Time `json:"modified,omitempty"`
ModifiedBy string `json:"modified_by,omitempty"`
UserCount int `json:"user_count,omitempty"`
// This does not Contain Profile for Users Anymore...
GroupUsers []GroupMembership `json:"groups_users,omitempty"`
// This is new and undocumented but as all the data
Users []GroupUser `json:"users,omitempty"`
}
Group is a Group
type GroupJoinData ¶
type GroupMembership ¶
type GroupMembership struct {
ID string `json:"id,omitempty"`
UserID string `json:"user_id,omitempty"`
GroupID string `json:"group_id,omitempty"`
IsAdmin bool `json:"is_admin,omitempty"`
Delete bool `json:"delete,omitempty"`
User User `json:"user,omitempty"`
Created *Time `json:"created,omitempty"`
}
type GroupSecret ¶
type GroupSecret struct {
Secret []Secret `json:"secret,omitempty"`
}
GroupSecret is a unnessesary container...
type GroupUpdate ¶
type GroupUpdate struct {
Name string `json:"name,omitempty"`
GroupChanges []GroupMembership `json:"groups_users,omitempty"`
Secrets []Secret `json:"secrets,omitempty"`
}
type GroupUser ¶
type GroupUser struct {
User
JoinData GroupJoinData `json:"_join_data,omitempty"`
}
type MFAChallenge ¶ added in v0.6.0
type MFAChallenge struct {
Provider MFAProviders `json:"providers,omitempty"`
}
type MFAChallengeResponse ¶ added in v0.6.0
type MFAChallengeResponse struct {
TOTP string `json:"totp,omitempty"`
}
type MFAProviders ¶
type MFAProviders struct {
TOTP string `json:"totp,omitempty"`
}
type MetadataKey ¶ added in v0.8.0
type MetadataKey struct {
ID string `json:"id,omitempty"`
Fingerprint string `json:"fingerprint,omitempty"`
ArmoredKey string `json:"armored_key,omitempty"`
Created Time `json:"created,omitempty"`
Modified Time `json:"modified,omitempty"`
CreatedBy *string `json:"created_by,omitempty"`
ModifiedBy *string `json:"modified_by,omitempty"`
MetadataPrivateKeys []MetadataPrivateKey `json:"metadata_private_keys,omitempty"`
}
MetadataKey is a MetadataKey
type MetadataKeySettings ¶ added in v0.8.0
type MetadataKeySettings struct {
AllowUsageOfPersonalKeys bool `json:"allow_usage_of_personal_keys"`
}
MetadataKeySettings contains the server settings about which metadata keys to use.
type MetadataKeyType ¶ added in v0.8.0
type MetadataKeyType string
const ( MetadataKeyTypeUserKey MetadataKeyType = "user_key" )
func (MetadataKeyType) IsValid ¶ added in v0.8.0
func (s MetadataKeyType) IsValid() bool
type MetadataPrivateKey ¶ added in v0.8.0
type MetadataPrivateKey struct {
ID string `json:"id,omitempty"`
MetadataKeyID string `json:"metadata_key_id,omitempty"`
UserID *string `json:"user_id,omitempty"` // TODO, is this nullable. The Docs says yes and no
Data string `json:"data,omitempty"`
Created Time `json:"created,omitempty"`
Modified Time `json:"modified,omitempty"`
CreatedBy *string `json:"created_by,omitempty"`
ModifiedBy *string `json:"modified_by,omitempty"`
DataSignedByCurrentUser *Time `json:"data_signed_by_current_user,omitempty"`
}
MetadataPrivateKey is a MetadataPrivateKey
type MetadataPrivateKeyData ¶ added in v0.8.0
type MetadataPrivateKeyData struct {
// ObjectType Must always be PASSBOLT_METADATA_PRIVATE_KEY
ObjectType string `json:"object_type,omitempty"`
// Domain Must be the Passbolt Server URL
Domain string `json:"domain,omitempty"`
Fingerprint string `json:"fingerprint,omitempty"`
ArmoredKey string `json:"armored_key,omitempty"`
// Passphrase must be Empty for Server Keys
Passphrase string `json:"passphrase,omitempty"`
// When this key was Signed by our User for Trusting new keys which where trusted on other Devices
Signed Time `json:"signed,omitempty"`
}
MetadataPrivateKeyData is a MetadataPrivateKeyData
type MetadataSessionKey ¶ added in v0.8.0
type MetadataSessionKey struct {
ID string `json:"id,omitempty"`
UserID string `json:"user_id,omitempty"`
Data string `json:"data,omitempty"`
Created Time `json:"created,omitempty"`
Modified Time `json:"modified,omitempty"`
}
MetadataSessionKey is a MetadataSessionKey
type MetadataSessionKeyData ¶ added in v0.8.0
type MetadataSessionKeyData struct {
// ObjectType Must always be PASSBOLT_SESSION_KEYS
ObjectType string `json:"object_type,omitempty"`
SessionKeys []MetadataSessionKeyDataElement `json:"session_keys,omitempty"`
}
MetadataSessionKeyData is a MetadataSessionKeyData
type MetadataSessionKeyDataElement ¶ added in v0.8.0
type MetadataSessionKeyDataElement struct {
ForeignModel ForeignModelTypes `json:"foreign_model"`
ForeignID string `json:"foreign_id"`
SessionKey string `json:"session_key"`
Modified Time `json:"modified"`
}
MetadataSessionKeyDataElement is a MetadataSessionKeyDataElement
type MetadataTypeSettings ¶ added in v0.8.0
type MetadataTypeSettings struct {
DefaultResourceType PassboltAPIVersionType `json:"default_resource_types"`
DefaultFolderType PassboltAPIVersionType `json:"default_folder_type"`
DefaultTagType PassboltAPIVersionType `json:"default_tag_type"`
DefaultCommentType PassboltAPIVersionType `json:"default_comment_type"`
AllowCreationOfV5Resources bool `json:"allow_creation_of_v5_resources"`
AllowCreationOfV5Folders bool `json:"allow_creation_of_v5_folders"`
AllowCreationOfV5Tags bool `json:"allow_creation_of_v5_tags"`
AllowCreationOfV5Comments bool `json:"allow_creation_of_v5_comments"`
AllowCreationOfV4Resources bool `json:"allow_creation_of_v4_resources"`
AllowCreationOfV4Folders bool `json:"allow_creation_of_v4_folders"`
AllowCreationOfV4Tags bool `json:"allow_creation_of_v4_tags"`
AllowCreationOfV4Comments bool `json:"allow_creation_of_v4_comments"`
AllowV4V5Upgrade bool `json:"allow_v4_v5_upgrade"`
AllowV4V5Downgrade bool `json:"allow_v5_v4_downgrade"`
}
MetadataTypeSettings Contains the Servers Settings about which Types to use
type PassboltAPIVersionType ¶ added in v0.8.0
type PassboltAPIVersionType string
const ( PassboltAPIVersionTypeV4 PassboltAPIVersionType = "v4" PassboltAPIVersionTypeV5 PassboltAPIVersionType = "v5" )
func (PassboltAPIVersionType) IsValid ¶ added in v0.8.0
func (s PassboltAPIVersionType) IsValid() bool
type PasswordExpirySettings ¶ added in v0.8.0
type PasswordExpirySettings struct {
ID string `json:"id"`
DefaultExpiryPeriod int `json:"default_expiry_period,omitempty"`
PolicyOverride bool `json:"policy_override"`
AutomaticExpiry bool `json:"automatic_expiry"`
AutomaticUpdate bool `json:"automatic_update"`
ExpiryNotificationPeriod int `json:"expiry_notification_period,omitempty"`
Created time.Time `json:"created"`
Modified time.Time `json:"modified"`
CreatedBy string `json:"created_by"`
ModifiedBy string `json:"modified_by"`
}
PasswordExpirySettings contains the Password expiry settings
type PendingSessionKey ¶ added in v0.8.0
type PendingSessionKey struct {
ForeignModel ForeignModelTypes // "Resource", "Folder", "Tag"
ForeignID string // UUID of the resource/folder/tag
SessionKey string // Format: "9:HEXHEX..." (algorithm:hex-encoded key)
Modified Time // When this session key was extracted
}
PendingSessionKey represents a session key that was extracted during decryption and is pending to be saved to the server
type Permission ¶
type Permission struct {
ID string `json:"id,omitempty"`
ACO string `json:"aco,omitempty"`
ARO string `json:"aro,omitempty"`
ACOForeignKey string `json:"aco_foreign_key,omitempty"`
AROForeignKey string `json:"aro_foreign_key,omitempty"`
Type int `json:"type,omitempty"`
Delete bool `json:"delete,omitempty"`
IsNew bool `json:"is_new,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
}
Permission is a Permission
type Profile ¶
type Profile struct {
ID string `json:"id,omitempty"`
UserID string `json:"user_id,omitempty"`
FirstName string `json:"first_name,omitempty"`
LastName string `json:"last_name,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
Avatar *Avatar `json:"avatar,omitempty"`
}
Profile is a Profile
type PublicKeyReponse ¶
type PublicKeyReponse struct {
Fingerprint string `json:"fingerprint"`
Keydata string `json:"keydata"`
}
PublicKeyReponse the Body of a Public Key Api Request
type Resource ¶
type Resource struct {
ID string `json:"id,omitempty"`
Created *Time `json:"created,omitempty"`
CreatedBy string `json:"created_by,omitempty"`
Creator *User `json:"creator,omitempty"`
Deleted bool `json:"deleted,omitempty"`
Description string `json:"description,omitempty"`
Favorite *Favorite `json:"favorite,omitempty"`
Modified *Time `json:"modified,omitempty"`
ModifiedBy string `json:"modified_by,omitempty"`
Modifier *User `json:"modifier,omitempty"`
Name string `json:"name,omitempty"`
Permission *Permission `json:"permission,omitempty"`
URI string `json:"uri,omitempty"`
Username string `json:"username,omitempty"`
FolderParentID string `json:"folder_parent_id,omitempty"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
ResourceType ResourceType `json:"resource_type,omitempty"`
MetadataKeyID string `json:"metadata_key_id,omitempty"`
MetadataKeyType MetadataKeyType `json:"metadata_key_type,omitempty"`
Metadata string `json:"metadata,omitempty"`
Secrets []Secret `json:"secrets,omitempty"`
Tags []Tag `json:"tags,omitempty"`
Expired *Time `json:"expired,omitempty"`
}
Resource is a Resource. Warning: Since Passbolt v3 some fields here may not be populated as they may be in the Secret depending on the ResourceType, for now the only Field like that is the Description. With Passbolt v5 it is now Possible that all Unencrypted User Supplied Fields are empty, and need to be decrypted from the Metadata Message
type ResourceShareRequest ¶
type ResourceShareRequest struct {
}
ResourceShareRequest is a ResourceShareRequest
type ResourceShareSimulationChange ¶
type ResourceShareSimulationChange struct {
}
ResourceShareSimulationChange is a single change
type ResourceShareSimulationChanges ¶
type ResourceShareSimulationChanges struct {
}
ResourceShareSimulationChanges contains the Actual Changes
type ResourceShareSimulationResult ¶
type ResourceShareSimulationResult struct {
}
ResourceShareSimulationResult is the Result of a Sharing Simulation
type ResourceShareSimulationUser ¶
type ResourceShareSimulationUser struct {
}
ResourceShareSimulationUser contains the users id
type ResourceType ¶
type ResourceType struct {
ID string `json:"id,omitempty"`
Slug string `json:"slug,omitempty"`
Description string `json:"description,omitempty"`
Definition json.RawMessage `json:"definition,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
}
ResourceType is the Type of a Resource
func (*ResourceType) HasMetadataField ¶ added in v0.8.0
func (rt *ResourceType) HasMetadataField(field string) bool
HasMetadataField returns true if the resource type's metadata schema contains the given field.
func (*ResourceType) HasSecretField ¶ added in v0.8.0
func (rt *ResourceType) HasSecretField(field string) bool
HasSecretField returns true if the resource type's secret schema contains the given field.
func (*ResourceType) IsSecretString ¶ added in v0.8.0
func (rt *ResourceType) IsSecretString() bool
IsSecretString returns true if the resource type's secret is a plain string (not JSON). This is determined by checking the "type" field of the secret section in the definition schema. Returns false if the definition cannot be parsed.
func (*ResourceType) IsV5 ¶ added in v0.8.0
func (rt *ResourceType) IsV5() bool
IsV5 returns true if this is a v5 resource type (has encrypted metadata). V5 resource types use a "v5-" slug prefix.
type ResourceTypeSchema ¶ added in v0.7.0
type Role ¶
type Role struct {
ID string `json:"id,omitempty"`
Name string `json:"name,omitempty"`
Created *Time `json:"created,omitempty"`
Description string `json:"description,omitempty"`
Modified *Time `json:"modified,omitempty"`
CreatedBy string `json:"created_by,omitempty"`
ModifiedBy string `json:"modified_by,omitempty"`
Deleted bool `json:"deleted,omitempty"`
DeletedBy string `json:"deleted_by,omitempty"`
Avatar Avatar `json:"avatar,omitempty"`
}
Role is a Role
type SearchAROsOptions ¶
type SearchAROsOptions struct {
FilterSearch string `url:"filter[search],omitempty"`
}
SearchAROsOptions are all available query parameters
type Secret ¶
type Secret struct {
ID string `json:"id,omitempty"`
UserID string `json:"user_id,omitempty"`
ResourceID string `json:"resource_id,omitempty"`
Data string `json:"data,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
}
Secret is a Secret
type SecretDataTOTP ¶ added in v0.7.0
type SecretDataTOTP struct {
Algorithm string `json:"algorithm"`
SecretKey string `json:"secret_key"`
Digits int `json:"digits"`
Period int `json:"period"`
}
SecretDataTOTP represents the TOTP sub-object in secret data
type SecretDataTypePasswordAndDescription
deprecated
type SecretDataTypePasswordAndDescription struct {
Password string `json:"password"`
Description string `json:"description,omitempty"`
}
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypePasswordAndDescription is the format a secret of resource type "password-and-description" is stored in
type SecretDataTypePasswordDescriptionTOTP
deprecated
added in
v0.7.0
type SecretDataTypePasswordDescriptionTOTP struct {
Password string `json:"password"`
Description string `json:"description,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypePasswordDescriptionTOTP is the format a secret of resource type "password-description-totp" is stored in
type SecretDataTypeTOTP
deprecated
added in
v0.7.0
type SecretDataTypeTOTP struct {
TOTP SecretDataTOTP `json:"totp"`
}
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypeTOTP is the format a secret of resource type "totp" is stored in
type SecretDataTypeV5Default
deprecated
added in
v0.8.0
type SecretDataTypeV5Default struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Password string `json:"password,omitempty"`
Description string `json:"description,omitempty"`
}
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypeV5Default represents the secret data for a V5 default resource.
type SecretDataTypeV5DefaultWithTOTP
deprecated
added in
v0.8.0
type SecretDataTypeV5DefaultWithTOTP struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Password string `json:"password,omitempty"`
Description string `json:"description,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypeV5DefaultWithTOTP represents the secret data for a V5 default resource with TOTP.
type SecretDataTypeV5PasswordString
deprecated
added in
v0.8.0
type SecretDataTypeV5PasswordString string
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypeV5PasswordString is just the password directly.
type SecretDataTypeV5TOTPStandalone
deprecated
added in
v0.8.0
type SecretDataTypeV5TOTPStandalone struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.
SecretDataTypeV5TOTPStandalone represents the secret data for a V5 standalone TOTP resource.
type ServerPassboltPluginSettings ¶ added in v0.8.0
type ServerPassboltPluginSettings struct {
Enabled bool `json:"enabled"`
Version string `json:"version"`
}
ServerPassboltPluginSettings contains the Settings of a Specific Passbolt Plugin
type ServerPassboltSettings ¶ added in v0.8.0
type ServerPassboltSettings struct {
Plugins map[string]ServerPassboltPluginSettings `json:"plugins"`
}
ServerPassboltSettings contains Passbolt specific server settings
func (*ServerPassboltSettings) IsPluginEnabled ¶ added in v0.8.0
func (ps *ServerPassboltSettings) IsPluginEnabled(name string) bool
type ServerSettingsResponse ¶ added in v0.8.0
type ServerSettingsResponse struct {
Passbolt ServerPassboltSettings `json:"passbolt"`
}
ServerSettingsResponse contains all Servers Settings
type SetupCompleteRequest ¶
type SetupCompleteRequest struct {
AuthenticationToken AuthenticationToken `json:"authenticationtoken,omitempty"`
GPGKey GPGKey `json:"gpgkey,omitempty"`
User User `json:"user,omitempty"`
}
type SetupInstallResponse ¶
type SetupInstallResponse struct {
User `json:"user,omitempty"`
}
type Time ¶
Time is here to unmarshall time correctly
func (Time) MarshalJSON ¶
MarshalJSON Marshals Passbolt *Time
func (*Time) UnmarshalJSON ¶
UnmarshalJSON Parses Passbolt *Time
type UpdateGroupDryRun ¶
type UpdateGroupDryRun struct {
// for which users the secrets need to be reencrypted
SecretsNeeded []UpdateGroupSecretsNeededContainer `json:"SecretsNeeded,omitempty"`
// secrets needed to be reencrypted
Secrets []GroupSecret `json:"Secrets,omitempty"`
}
UpdateGroupDryRun contains the Actual Secrets Needed to update the group
type UpdateGroupDryRunResult ¶
type UpdateGroupDryRunResult struct {
DryRun UpdateGroupDryRun `json:"dry-run,omitempty"`
}
UpdateGroupDryRunResult is the Result of a Update Group DryRun
type UpdateGroupDryRunSecretsNeeded ¶
type UpdateGroupDryRunSecretsNeeded struct {
ResourceID string `json:"resource_id,omitempty"`
UserID string `json:"user_id,omitempty"`
}
UpdateGroupDryRunSecretsNeeded a secret that needs to be reencrypted for a specific user
type UpdateGroupSecretsNeededContainer ¶
type UpdateGroupSecretsNeededContainer struct {
Secret UpdateGroupDryRunSecretsNeeded `json:"Secret,omitempty"`
}
UpdateGroupSecretsNeededContainer is a unnessesary container...
type User ¶
type User struct {
ID string `json:"id,omitempty"`
Created *Time `json:"created,omitempty"`
Active bool `json:"active,omitempty"`
Deleted bool `json:"deleted,omitempty"`
Disabled *Time `json:"disabled,omitempty"`
Description string `json:"description,omitempty"`
Favorite *Favorite `json:"favorite,omitempty"`
Modified *Time `json:"modified,omitempty"`
Username string `json:"username,omitempty"`
RoleID string `json:"role_id,omitempty"`
Profile *Profile `json:"profile,omitempty"`
Role *Role `json:"role,omitempty"`
GPGKey *GPGKey `json:"gpgkey,omitempty"`
LastLoggedIn string `json:"last_logged_in,omitempty"`
Locale string `json:"locale,omitempty"`
// Admin only, needs contains
MissingMetadataKeyIDs []string `json:"missing_metadata_key_ids,omitempty"`
// GroupsUsers contains group membership data (returned by SearchAROs endpoint)
GroupsUsers []GroupMembership `json:"groups_users,omitempty"`
}
User contains information about a passbolt User
Source Files
¶
- api.go
- auth.go
- client.go
- comments.go
- crud.go
- doc.go
- encryption.go
- errors.go
- favorites.go
- folders.go
- foreign_model.go
- gpgkey.go
- groups.go
- healthcheck.go
- metadata.go
- metadata_sessionkey.go
- metadata_settings.go
- metadatakey.go
- mfa.go
- misc.go
- password_expiry.go
- permissions.go
- resource_types.go
- resources.go
- roles.go
- schema.go
- secrets.go
- settings.go
- setup.go
- share.go
- time.go
- users.go
- verify.go